Created
May 25, 2024 16:40
-
-
Save cjac/25a5e615e868850bec18e6fdeede8679 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cjac@moon:~$ cat /mnt/tmp/boot/1.4-rolling-202103210217/rw/config/scripts/vyos-postconfig-bootup.script | |
| #!/bin/sh | |
| # This script is executed at boot time after VyOS configuration is fully applied. | |
| # Any modifications required to work around unfixed bugs | |
| # or use services not available through the VyOS CLI system can be placed here. | |
| # | |
| # SIX configurations as per https://www.seattleix.net/faq#linux | |
| # | |
| SIX_IFNAME=eth3 | |
| ip link set multicast off dev ${SIX_IFNAME} | |
| sysctl -w net.ipv4.conf.all.arp_filter=1 | |
| sysctl -w net.ipv4.conf.all.arp_announce=1 | |
| sysctl -w net.ipv6.conf.${SIX_IFNAME}.autoconf=0 | |
| sysctl -w net.ipv6.conf.${SIX_IFNAME}.router_solicitations=-1 | |
| sysctl -w net.ipv4.neigh.${SIX_IFNAME}.base_reachable_time_ms=14400000 | |
| sysctl -w net.ipv6.neigh.${SIX_IFNAME}.base_reachable_time_ms=14400000 | |
| # SIX subnets should only be reachable by this router, so anything to be forwarded should be dropped: | |
| iptables -A FORWARD -d 206.81.80.0/22 -o ${SIX_IFNAME} -j DROP | |
| # SIX subnets should only be reachable by this router, so anything to be forwarded should be dropped: | |
| ip6tables -A FORWARD -d 2001:504:16::/48 -o ${SIX_IFNAME} -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment